The owner(s)/manager(s) of Notes Groups in the Domino ListOwner field can be mapped to the AD managedBy and msExchCoManagedByLink fields.
By default, the first Group owner/manager value in the ListOwner source field in Domino is mapped to the managedBy target field in AD. Additional Group owners/managers in the ListOwner source field in Domino are mapped to msExchCoManagedByLink target field in AD.
The following configuration attributes affect the Domino ListOwner to AD managedBy and msExchCoManagedByLink mapping when added to the config file in the <appSettings> section:
SetGroupManagedByFromListOwner
When set to true, the Domino ListOwner item populates the AD managedBy and msExchCoManagedByLink attribute if these mappings are in place and the AD attributes are not set. The default setting is false.
GroupListOwnerIsAuthoritative
When set to true, if the existing values in the AD managedBy and msExchCoManagedByLink properties do not match the Domino values, the AD values will be deleted before the Domino values are added. The default setting is false.
Default mapping for Domino Source field ListOwner to AD Target field managedBy and msExchCoManagedByLink:
Source Field | Internal Field | Target Field | Source Type | Target Type 1 | Target Type 2 | Comments |
---|---|---|---|---|---|---|
ListOwner |
BTCustom007 |
managedBy |
group |
group |
contact |
The first value in the ListOwner source field. |
ListOwner |
BTCustom008 |
msExchCoManagedByLink |
group |
group |
contact |
All additional values in the ListOwner source field excluding the first value. |
In Directory Sync Pro for Notes, an override is used to transform values in the target directory based upon a formula.
The formula language used is T-SQL, used in Microsoft’s SQL Server product line. A valid select statement in T-SQL would be Select (FirstName + LastName) from BT_Person. When adding an override you do not need to include a full SQL select statement as portions of the SQL statement are generated for you. Specifically, you are not required to use the select or from commands in the override. It is only required to enter the columns that should be selected. To continue the example above, a valid override would only need to contain the value of FirstName + LastName.
To add an Override:
When you save an override, Directory Sync Pro for Notes re-generates the Person or Groups view. It does this by dynamically generating a single SQL statement using the snippet of SQL code that is part of all overrides. The max size for this SQL statement is 8000 total characters. If many new overrides are added, this limit could be exceeded and an error when adding the overrides will occur. In addition to the default overrides, approximately 15-20 more Person and 20-25 Group overrides can be added before hitting the size limit.
To edit an override:
To delete an override:
To export overrides:
You can reset all overrides to the “factory defaults” by clicking the Reset Overrides button. Caution: This will remove any custom overrides or any edits to existing overrides. If you have made changes, you may want to export those changed overrides before a reset. You can import them later if you wish.
Directory Sync Pro for Notes uses the TypeOfTransaction column from the BT_Person table, or the Operation column from the BT_Groups table to determine what action to perform on the target object. These may have overrides applied to them, to control what actions Directory Sync Pro for Notes will take for an object. The below image shows an example of this kind of override.
Matching user accounts with Overrides
The values used for matching can have overrides applied to them. This is accomplished by setting up a new override using the field names MatchValue1, MatchValue2, MatchValue3 and MatchValue4. Each MatchValue1-4 corresponds the respective Source and Target pair on the matching tab.
These values are used for matching only. Values that get written to the target are based on the mappings, not the matching.
Field Name | Field Value | Description |
---|---|---|
TargetAddress | CASE EntryType WHEN 'user' THEN 'SMTP:' + P.Custom20 + '@domino.contoso.com' ELSE 'SMTP:' + dbo.ReplaceDomain(InternetAddress,'domino.contoso.com') END | This formula will dynamically set the targetaddress value based on the EntryType. |
TargetAddress | 'SMTP:' + dbo.UpdateInternetAddress(InternetAddress,'domino.') | This formula will set the TargetAddress value based on the InternetAddress and prefix the domain with the value specified, in this case "domino.". |
TargetAddress | ' 'SMTP:' + dbo.ReplaceDomain(InternetAddress,'domino.contoso.com') | This formula will set the TargetAddress value based on the InternetAddress and replace the domain with the value specified, in this case "domino.contoso.com". |
TargetAddress | CASE WHEN InternetAddress LIKE '%@example.com' THEN 'smtp:' + dbo.UpdateInternetAddress(P.InternetAddress, 'domino.') WHEN InternetAddress LIKE '%@knotes.contoso.com' THEN 'smtp:' + dbo.ReplaceDomain(P.InternetAddress, 'domino.contoso.com') ELSE P.InternetAddress END | This formula will dynamically set the targetaddress value based on the existing InternetAddress domain name value. If the first domain is found then the TargetAddress will be set to one value, if the second domain is found another value will be used and if neither domain is found then the TargetAddress will be set the same as the current InternetAddress value. |
CommonName | CASE EntryType WHEN 'user' THEN 'do$$' + SourceDirectoryID WHEN 'sharedmail' THEN 'do$$' + SourceDirectoryID ELSE CommonName END | This formula will dynamically set the CommonName value based on the EntryType. |
CommonName | CASE WHEN LEN(CommonName) > 64 THEN LTRIM(RTRIM(LEFT(CommonName,64))) ELSE CommonName END | This formula will limit the CommonName value to 64 characters if it exceeds that limit. |
ProxyAddresses | CASE ProxyAddresses WHEN '' THEN 'smtp:' + dbo.ReplaceDomain(InternetAddress,'@contoso.mail.onmicrosoft.com;smtp:') + dbo.UpdateInternetAddress(InternetAddress,'domino.') ELSE ProxyAddresses + ';smtp:' + dbo.ReplaceDomain(InternetAddress,'@contoso.mail.onmicrosoft.com;smtp:') + dbo.UpdateInternetAddress(InternetAddress,'domino.') END | This formula will set or append to the list of ProxyAddresses values the coexistence routing addresses. This example specifically is designed for Office 365. |
Company | LTRIM(RTRIM(LEFT(company, 50))) | This formula will Trim, then limit the string value by 50 characters. |
Custom001 | 'this is a string' | This formula will set any string value to the any SQL field. |
Custom001 | REPLACE(InternetAddress,'@','.') | This formula will replace the '@' symbol with a period '.' to create a string like so. (i.e. first.last.contoso.com) |
Custom001 | LEFT(InternetAddress,CHARINDEX('@',InternetAddress)-1) | This formula will extract the localpart of InternetAddress. |
The below tables include Domino fields with some kind of special processing in Directory Sync Pro for Notes. Fields can be have the following characteristic:
Explicitly set, even without mapping:
Field | On the Reserved List |
---|---|
$BTAction | • |
$BTSourceDirectoryID | • |
Form - when Directory Sync Pro created | • |
Type - when Directory Sync Pro created | • |
AvailableForDirSync - explicitly set to 0, when Directory Sync Pro created | • |
MailSystem - explicitly set to 3 | • |
MailDomain - set to Foreign Domain given in profile, when Directory Sync Pro created | • |
CalendarDomain - groups only, set to Foreign Domain given in profile, when Directory Sync Pro created | |
GroupType - groups only, explicitly set to 1, set for Directory Sync Pro created | • |
$Grouptype_Help - groups only, explicitly set to 1, set for Directory Sync Pro created | |
GroupTitle - groups only, explicitly set to 1, set for Directory Sync Pro created |
Never set:
Field | On the Reserved List |
---|---|
ResourceType | • |
Can be mapped, but will use the given values if they exist (and ignores overrides in that case):
Field | On the Reserved List |
---|---|
DisplayName – groups only, set to TargetDisplayName if it has a value | |
PrimaryAlias – groups only, set to TargetPrimaryAlias if it has a value | |
SAMAccountName – groups only, set to TargetSAMAccountName if it has a value | |
InternetAddress – groups only, set to TargetInternetAddress if it has a value | |
Name – groups only, set to TargetName if it has a value | |
CommonName – groups only, set to TargetCommonName if it has a value |
The below tables include AD fields with some kind of special processing in Directory Sync Pro for Notes. Fields can have the following characteristics:
Additional notes are available below for field marked with a *.
Attributes that may be set by Directory Sync Pro for Notes regardless of mapping:
Field | Cannot be mapped | Can be mapped / have override | May be explicitly ignored | May be set with config file |
---|---|---|---|---|
distinguishedName | • | |||
objectClass | • | |||
userPassword | • | |||
unicodePwd | • | |||
userAccountControl | • | |||
msExchRecipientDisplayType | • | • | ||
msExchRecipientTypeDetails | • | • | ||
msExchResourceDisplay | • | |||
msExchResourceSearchProperties | • | |||
msExchResourceMetaData | • | |||
showInAddressBook* | • | • | ||
msExchMasterAccountSid | • | • | ||
msExchPoliciesExcluded | • | • | ||
msExchPoliciesIncluded | • | • | ||
userAccountControl | • | • | ||
pwdLastSet | • | |||
adminDescription | • |
• |
Special processing if mapped:
Field | Cannot be mapped | Can be mapped / have override | May be explicitly ignored | May be set with config file |
---|---|---|---|---|
• | • | |||
assistant* | • | |||
manager* | • | |||
managedBy* | • | |||
altRecipient* | • | |||
authoring | • | |||
unauthOrig | • | |||
dLMemSubmitPerms | • | |||
dLMemRejectPerms | • | |||
sAMAccountName* | • | • | ||
legacyExchangeDN* | • | • | ||
mailNickname | • | • |
Never set:
Field | Cannot be mapped | Can be mapped / have override | May be explicitly ignored | May be set with config file |
---|---|---|---|---|
objectGUID | • | |||
objectSid | • | |||
whenCreated | • | |||
whenChanged | • | |||
uSNChanged | • | |||
name | • | |||
cn | • |
Attributes that may be set by Directory Sync Pro for Notes regardless of mapping:
Field | Cannot be mapped | Can be mapped / have override | May be explicitly ignored | May be set with config file |
---|---|---|---|---|
objectClass | • | |||
msExchRecipientDisplayType | • | • | ||
msExchVersion | • | |||
showInAddressBook* | • | • | ||
msExchPoliciesExcluded | • | • | ||
msExchPoliciesIncluded | • | |||
adminDescription | • | • |
Special processing if mapped:
Field | Cannot be mapped | Can be mapped / have override | May be explicitly ignored | May be set with config file |
---|---|---|---|---|
• | • | |||
assistant* | • | |||
manager* | • | |||
managedBy* | • | |||
altRecipient* | • | |||
authOring | • | |||
unauthOrig | • | |||
dLMemSubmitPerms | • | |||
dLMemRejectPerms | • | |||
sAMAccountName* | • | • | ||
legacyExchangeDN* | • | |||
groupType | • | • | ||
mailNickname | • | • |
Never set:
Field | Cannot be mapped | Can be mapped / have override | May be explicitly ignored | May be set with config file |
---|---|---|---|---|
objectGUID | • | |||
objectSid | • | |||
whenCreated | • | |||
whenChanged | • | |||
uSNChanged | • | |||
name | • | |||
cn | • |
Special processing by Internal Field Name:
Field | Cannot be mapped | Can be mapped / have override | May be explicitly ignored | May be set with config file | If this internal field name is mapped and value is empty, actual value comes from different internal field |
---|---|---|---|---|---|
DisplayName | • | • | |||
PrimaryAlias | • | • | |||
SAMAccountName* | • | • | |||
InternetAddress | • | • | |||
Name | • | • | |||
CommonName | • | • |
AltRecipient – all objects
Uses the AltRecipient column (or override value if specified) for the source object.
Follows the same process as Manager above.
sAMAccountName – The sAMAccountName may be calculated under special circumstances, such as when a collision occurs. For this reason, during a sync following a reset, repush, or repushpull, the existing sAMAccountName in the target will be assumed to be current and therefore will be used in any mappings involving the sAMAccountName internal field.
Directory Sync Pro for Notes automatically ignores certain AD built-in groups during sync. The definition of which built-in groups to ignore is held in the database table DirSync_GroupsToIgnore_PK. This table is created and populated during the install process of Directory Sync Pro for Notes and is not configurable from the product UI. This list of groups can be modified only with direct access and permissions to SQL. When Directory Sync Pro for Notes performs a sync, any group encountered that matches with a group named in the DirSync_GroupsToIgnore_PK table is skipped and not entered into the database. This built-in group handling functionality is separate from the blacklisting functionality for groups which can be configured by an operator through the product UI, so when ignored these built-in groups are not considered to be ‘blacklisted’.
© ALL RIGHTS RESERVED. 使用条款 隐私 Cookie Preference Center